Episode534

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #534

Recorded October 19, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Interview: Wendy Nather, Duo Security - 6:00PM-6:45PM

    Wendy Nather is Principal Security Strategist at Duo Security. She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine's Women in IT Security "Power Players" in 2014.

    Tech Segment: Borrowing Data to “Hide” Binaries with Joe Vest and Andrew Chiles, MINIS - 6:45-7:45PM

    Joe Vest is the Co-Founder of the security consulting company MINIS LLC. He has over 17 years' experience with a focus on red teaming, penetration testing, and application security. Joe is the co-author of the SANS SEC564 Red Teaming and Threat Emulation course.

    Andrew is a Red Teamer at MINIS LLC.

    Links

    http://threatexpress.com/2017/10/metatwin-borrowing-microsoft-metadata-and-digital-signatures-to-hide-binaries/

    Security News - 7:45-8:45PM


    Paul's Stories

    1. Child Safety Smartwatches Easy To Hack, Watchdog Says
    2. Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
    3. Microsoft Mocks Google For Failed Security Fix Deployment Methodology
    4. Enable Google's New "Advanced Protection" If You Don't Want to Get Hacked
    5. 5 Steps to Building a Vulnerability Management Program Part 2
    6. 5 Steps to Building a Vulnerability Management Program Pt. 1
    7. Technology to Out Sex Workers
    8. Docker and Kubernetes: Breaking the Proprietary Mindset
    9. IoT Deployment Security Top Concern for Enterprises
    10. Kids smartwatches harbouring major security flaws
    11. Hackers Take Aim at SSH Keys in New Attacks
    12. Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps

    Larry's Stories

    1. Faulty RSA implementation, oh my
    2. KRACK is WHACK

    Jeff's Stories

    1. A new software security framework from the PCI Council
    2. Pizza Hut Breach
    3. Judge shocked to learn NYPD’s evidence database has no backup
    4. Silly Millennials...

    Mark's Stories

    1. GTA V Honeypot